CVE-2025-38700
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated

In case of an ib_fast_reg_mr allocation failure during iSER setup, the machine hits a panic because iscsi_conn->dd_data is initialized unconditionally, even when no memory is allocated (dd_size == 0). This leads to an invalid pointer dereference during connection teardown.

Fix by setting iscsi_conn->dd_data only if memory is actually allocated.

Panic trace:
------------
 iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12
 iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers
 BUG: unable to handle page fault for address: fffffffffffffff8
 RIP: 0010:swake_up_locked.part.5+0xa/0x40
 Call Trace:
  complete+0x31/0x40
  iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]
  iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]
  iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]
  iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]
  ? netlink_lookup+0x12f/0x1b0
  ? netlink_deliver_tap+0x2c/0x200
  netlink_unicast+0x1ab/0x280
  netlink_sendmsg+0x257/0x4f0
  ? _copy_from_user+0x29/0x60
  sock_sendmsg+0x5f/0x70

Meta Information
Published: 2025-09-04
Last Modified: 2025-11-03
Generated: 2026-05-07
AI Q&A: 2025-09-04
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 2 associated CPEs

Vendor | Product | Version / Range
linux  | kernel  | 6.1.153
linux  | kernel  | 5.10.244

CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's iSCSI library (libiscsi), part of the SCSI subsystem. The library initializes the pointer iscsi_conn->dd_data unconditionally, even when no memory was allocated for it (dd_size == 0). When an ib_fast_reg_mr allocation fails during iSER (iSCSI Extensions for RDMA) setup, connection teardown then dereferences that invalid pointer and the machine panics (crashes). The fix sets iscsi_conn->dd_data only if memory is actually allocated.


How can this vulnerability impact me?

This vulnerability can cause a system panic (crash) in the Linux kernel when the iSER setup fails to allocate necessary memory. This can lead to denial of service as the affected machine may become unresponsive or reboot unexpectedly due to the kernel panic triggered by the invalid pointer dereference.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the system logs for kernel panic messages related to iscsi and ib_fast_reg_mr allocation failures. Specifically, look for panic traces containing messages like 'iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12' and 'BUG: unable to handle page fault for address'. Commands such as 'dmesg | grep -i iser' or 'journalctl -k | grep -i iscsi' can help identify these panic messages in the logs.
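
One way to apply the log check described above, as an added example that is not part of the original page: a shell function that reports a match only when the ib_fast_reg_mr allocation failure is followed by a page fault with iscsi_iser_conn_stop in the call trace. The function names and the sample logs (built from the trace in the description) are constructed for illustration.

```shell
# Added example: flag the CVE-2025-38700 panic signature in kernel log text.
scan_iser_panic() {
    # stdin: kernel log text. Returns 0 = full signature, 2 = allocation
    # failure only (no fault logged), 1 = nothing relevant.
    awk '
        /iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr/ { alloc = 1 }
        /BUG: unable to handle page fault/ && alloc { fault = 1 }
        /iscsi_iser_conn_stop\+0x/ && fault { teardown = 1 }
        END {
            if (teardown) { print "MATCH: alloc failure, then fault in iscsi_iser_conn_stop"; exit 0 }
            if (alloc)    { print "PARTIAL: ib_fast_reg_mr allocation failure only"; exit 2 }
            print "CLEAN: no iSER allocation failure found"; exit 1
        }'
}

# Constructed sample: the lines quoted in the CVE description.
sample_panic_log() {
    cat <<'EOF'
iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12
iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers
BUG: unable to handle page fault for address: fffffffffffffff8
RIP: 0010:swake_up_locked.part.5+0xa/0x40
Call Trace:
 complete+0x31/0x40
 iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]
EOF
}

# Constructed sample: allocation failed but teardown did not fault.
sample_alloc_only_log() {
    cat <<'EOF'
iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12
EOF
}

# Constructed sample: unrelated fault with no iSER allocation failure before it.
sample_unrelated_log() {
    cat <<'EOF'
BUG: unable to handle page fault for address: 0000000000000010
 iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]
EOF
}

# Demo on the constructed samples. On a real host, feed the previous boot's log,
# e.g. `journalctl -k -b -1 | scan_iser_panic` (requires a persistent journal).
sample_panic_log | scan_iser_panic || true
sample_alloc_only_log | scan_iser_panic || true
sample_unrelated_log | scan_iser_panic || true
```

A PARTIAL result means the host hit the allocation failure that precedes the panic on unpatched kernels, which is worth checking against the installed kernel version.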


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version where the libiscsi code initializes iscsi_conn->dd_data only if memory is allocated, which prevents the panic. Until an update is applied, monitoring for the panic conditions and avoiding workloads that trigger iSER setup failures may reduce risk.

